- Manufacturing is one of the most consistently targeted sectors of the economy.
- Healthcare and the Supply Chain are becoming increasingly vulnerable as well.
- Work from home arrangements and an increase in the use of remote access technologies since the onset of COVID-19 has made many organizations more vulnerable to cyber attacks.
- Rogue e-criminals increasingly outrank organized political hackers as the greatest source of danger.
Related to this episode:
- Automation World's feature story on why the age of IIoT Demands a New Security Paradigm.
- Summary of CrowdStrike's new 2021 report on industrial cybersecurity concern growth.
- Download PMMI's Cybersecurity White Paper to learn the most important actions you can take now to avoid a costly cyber attack.
|Read the transcript below:|
Hello and welcome to Take Five with Automation World. I'm David Miller, senior technical writer for Automation World. In this week's episode, I'm going to be talking about cybersecurity. Now, this is a very, very serious field. So serious, in fact, that research organization, Cybersecurity Ventures, actually estimates that cybercrime could cost the world $6 trillion in stolen income and lost revenue annually by the end of 2021.
Of course, this idea of cybercrime isn't new. In fact, the notion has actually been around for as long as we've had computerized systems. The term computer virus itself was actually coined in the mid-1980s to refer simply to a self-replicating computer program that could modify other programs. Yet, even before that, early computer networks had already been infected by malicious programs just like this. By contrast, today, cybercrime is actually far more varied in its forms and is as likely to be committed by a petty con artist as a seasoned computer scientist. As a result, the threat unfortunately is more real than ever. As computers have become democratized, so have computer crimes.
There are a few reasons it's become more acute in recent years. For industrial operators in particular, it's merely that more of their equipment and infrastructure is being taken off local area networks and being connected to the broader internet. But beyond that, when we look at society as a whole, we see cybercrime has grown really substantially in response to the reorganization of our lives that followed in the wake of the COVID-19 pandemic. When lockdowns took hold in early 2020, many workers migrated to home offices that lacked the cybersecurity protections of more commercial office buildings that tended to have dedicated IT staffs. Moreover, with remote access booming—not just in manufacturing but in countless other fields as well—the potential surface for attacks was greatly expanded.
Who are the targets of these cyberattacks? Well, ostensibly it could be anyone and everyone. However, there are some organizations and individuals who are more vulnerable than others. In addition, there are some targets which simply present a better value proposition for criminals. A term has even come into being to describe the seeking out of these highly-valued individuals. They call people who do this big game hunters. In any case, among the fields where we see the most cyberattacks are healthcare, supply chain management, and—unfortunately for our audience—manufacturing. In fact, manufacturing facilities saw 228 ransomware incidents in 2020, following just behind industrial engineering's 229 incidents, making them the most affected sectors.
Now, let's talk a little bit about who the attackers themselves are. Frankly, they run the gamut. They could be hacktivists who are looking to garner public attention for a cause, some are state-backed foreign actors engaged in political espionage, but a lot of them are simply rogue criminals who are looking to steal intellectual property and other private information for the purpose of financial extortion.
Frighteningly, this last group has actually grown to be the most common in the past two years, with cybersecurity company, CrowdStrike's, recently released 2021 global threat report estimating that 79% of all cybercrime is now committed by these so-called E-criminals. But it's important to note that cybercrime from hacktivists and political actors has actually increased as well. It's only that E-crime has increased so much faster that now it has been granted a larger share of the overall percentage.
Let's talk too about how these criminals go about conducting cyberattacks. There are two real pathways they can take, though sometimes the lines between them do become blurred. On the one hand, they can take the technical route. A good example of this might be the 2020 supply chain attack on the SolarWinds' Orion IT management software. Those responsible for this attack were able to distribute malicious code that was installed through the software's automatic update mechanism. This used a single point of intrusion to propagate itself to multiple downstream targets.
This is very sophisticated stuff, but not all cybercriminals are so tech savvy—nor do they need to be. There is a social/emotional route that can be taken. We often refer to this as phishing. For instance, throughout 2020, cybercriminals had a great deal of success tricking people who were working in healthcare into sending them private information by essentially playing on the fear and confusion surrounding COVID-19. Often, the way this would work is a request would be made for some piece of information under the specter of an impending public health crisis if they didn't send it along. What happened is—wanting to do the right thing and feeling overwhelmed—people on the receiving end of this often just acquiesced. It's not hard to imagine how a similar dynamic could play out in facilities that produce healthcare-related goods, such as personal protective equipment or even pharmaceutical products.
Obviously this is very scary stuff, but the good news is that there is a flurry of business activity in this space right now and cybersecurity solutions are only getting better and better every day. In fact, the Bureau of Labor Statistics is anticipating a 31% growth rate for employment in this space, which is well above average.
If you're interested in this, I do recommend you follow our coverage of burgeoning cybersecurity solutions here at Automation World. If you enjoyed this segment, keep your eyes on this space for more videos like this in the days to come.